Data Security Manager (beta)

• 1: File System Encryption for Linux

1 - File System Encryption for Linux

File System Encryption for Linux

This is a quick setup guide for File System Encryption (FSE) using Elastx Data Security Manager.

1. Log in to Elastx DSM https://hsm.elastx..cloud and enter the account you want to use.
2. Create a Group and set a name. A group can contain multiple secrets but if you want to use quorum approvals you can only manage one FSE per group.
3. Create an app and set a name.
   1. Select the default API Key and the authentication method.
   2. Assigning the app to the group you just created.
4. Get the API Key, select the app you created, under Info > API Key, press the “VIEW API KEY DETAILS” button.
5. Log in to the Linux machine where you want to encrypt data. (These instructions are made for Ubuntu 24.04)
   1. Install fuse.
      sudo apt install libfuse2
   2. Download and install the FSE agent.
      wget https://download.fortanix.com/clients/FSE/1.10.147/fortanix-dsm-fseagent-1.10.147.deb
sudo apt install ./fortanix-dsm-fseagent-1.10.147.deb
   3. Create a directory where the configuration and the encrypted files will be stored and a mount point
      sudo mkdir /fse /data
   4. Configure the file system
      sudo fortanix-dsm-fseagent -dsm -init /fse
      1. Enter the DSM Endpoint: https://hsm.elastx.cloud
      2. Enter the Api Key: <api key>
         There is no text echo, paste the key and press enter.
   5. Mount the filesystem
      sudo fortanix-dsm-fseagent --allow_other /fse /data
      1. Enter the Api Key: <api key>
         (twice)
6. If you want to automatically mount the filesystem at boot do the following.
   1. Add the API key to file /etc/fse-auto-mount/api_keys/1.conf
   2. Add the mount command to file /etc/fse-auto-mount/mount_cmd/1.conf
   3. Reload systemd to apply the changes
      sudo systemctl daemon-reload
   4. Enable the service
      sudo systemctl enable fse-auto-mount@1.service
7. Done

You can find the full documentation here.